diff options
Diffstat (limited to 'app/Middleware/AuthenticationMiddleware.php')
-rw-r--r-- | app/Middleware/AuthenticationMiddleware.php | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/app/Middleware/AuthenticationMiddleware.php b/app/Middleware/AuthenticationMiddleware.php new file mode 100644 index 00000000..499843fd --- /dev/null +++ b/app/Middleware/AuthenticationMiddleware.php @@ -0,0 +1,56 @@ +<?php + +namespace Kanboard\Middleware; + +use Kanboard\Core\Controller\AccessForbiddenException; +use Kanboard\Core\Controller\BaseMiddleware; +use Kanboard\Core\Security\Role; + +/** + * Class AuthenticationMiddleware + * + * @package Kanboard\Middleware + * @author Frederic Guillot + */ +class AuthenticationMiddleware extends BaseMiddleware +{ + /** + * Execute middleware + */ + public function execute() + { + if (! $this->authenticationManager->checkCurrentSession()) { + throw AccessForbiddenException::getInstance()->withoutLayout(); + } + + if (! $this->isPublicAccess()) { + $this->handleAuthentication(); + } + + $this->next(); + } + + protected function handleAuthentication() + { + if (! $this->userSession->isLogged() && ! $this->authenticationManager->preAuthentication()) { + $this->nextMiddleware = null; + + if ($this->request->isAjax()) { + $this->response->text('Not Authorized', 401); + } else { + $this->sessionStorage->redirectAfterLogin = $this->request->getUri(); + $this->response->redirect($this->helper->url->to('AuthController', 'login')); + } + } + } + + protected function isPublicAccess() + { + if ($this->applicationAuthorization->isAllowed($this->router->getController(), $this->router->getAction(), Role::APP_PUBLIC)) { + $this->nextMiddleware = null; + return true; + } + + return false; + } +} |